Well, it’s finally here. Yesterday (January 14) marked Microsoft’s end of support for Windows 7, Windows Server 2008, and Windows Server 2008 R2. Security updates for these operating systems will no longer be released to the general public, though Microsoft is providing a paid extended support program with an escalating cost structure. Coverage is on a per-system basis and starts at $25 per device running Windows 7 Enterprise and $50 per Windows 7 Pro PC. The cost doubles each subsequent year for both editions, until it reaches $100 per Windows 7 Enterprise license and $200 per Windows 7 Pro license.
Microsoft strongly encourages administrators to upgrade Windows 7 systems to Windows 10, and either migrate Server 2008 systems to Azure or upgrade to Server 2016 or 2019.
Going forward, unpatched systems will likely become the favorite targets for attackers, especially those proficient with exploiting Server Message Block (SMB) and Remote Desktop Protocol (RDP) vulnerabilities. In addition, expect to see an increase in phishing attacks that attempt to trick users into clicking links to “upgrade” their outdated operating systems. E-mail and web security controls, limitation of user privileges, and security awareness training are going to be paramount in combating this threat.
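The first step in dealing with the risk described above is knowing which hosts are still on an unsupported build. As an added example (not part of the original post or Corsica’s tooling), the following PowerShell inventory pulls every enabled computer account from Active Directory and flags those still reporting a Windows 7, Server 2008, or Server 2008 R2 build so they can be scheduled for upgrade or extended-support coverage. It assumes the ActiveDirectory module (RSAT) is installed and that the account running it can read computer objects; the 90-day staleness threshold and the CSV path are my own choices.

```powershell
# Added example: list domain-joined hosts whose OS left support on January 14, 2020.
# Assumes the ActiveDirectory module is available and the caller can read computer objects.
Import-Module ActiveDirectory

# AD stores OperatingSystemVersion as "<major.minor> (<build>)", e.g. "6.1 (7601)" for
# Windows 7 / Server 2008 R2 and "6.0 (6003)" for Server 2008. Note that 6.0 also
# matches Windows Vista, which has been out of support even longer.
$EolVersionPrefixes = @('6.0', '6.1')
$StaleAfterDays     = 90   # assumption: hosts silent this long may already be retired

$computers = Get-ADComputer -Filter { Enabled -eq $true } `
    -Properties OperatingSystem, OperatingSystemVersion, LastLogonDate

$eol = foreach ($c in $computers) {
    $ver = $c.OperatingSystemVersion
    if (-not $ver) { continue }                 # never reported an OS version
    $majorMinor = ($ver -split ' ')[0]          # "6.1 (7601)" -> "6.1"
    if ($EolVersionPrefixes -contains $majorMinor) {
        # A stale object is a cleanup candidate; a fresh one is a live, unpatchable host.
        $stale = (-not $c.LastLogonDate) -or
                 ($c.LastLogonDate -lt (Get-Date).AddDays(-$StaleAfterDays))
        [pscustomobject]@{
            Name          = $c.Name
            OS            = $c.OperatingSystem
            Version       = $ver
            LastLogonDate = $c.LastLogonDate
            Stale         = $stale
        }
    }
}

# Live hosts first: those are the ones an attacker can still reach.
$eol | Sort-Object Stale, LastLogonDate -Descending | Format-Table -AutoSize
$eol | Export-Csv -Path .\eol-windows-hosts.csv -NoTypeInformation
```

Run it from a management workstation and hand the "Stale = False" rows to whoever owns the upgrade or extended-support budget; the stale rows are usually decommissioned machines whose AD objects were never removed.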
In other Microsoft news, the January 14 “Patch Tuesday” release contained numerous critical hotfixes. So critical, in fact, that the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released an Emergency Directive mandating that Federal civilian Executive Branch agencies implement the patches within 10 business days. This is only the second time CISA has ever issued such a directive.
The most critical hotfixes in this release address vulnerabilities in the Windows CryptoAPI and RDP services. The CryptoAPI issue affects all Windows 10 machines and Windows Server versions 2016 and 2019. This vulnerability could make it easier for an attacker to intercept and decrypt otherwise-protected communications in transit, which could result in the loss of sensitive data (like the password you’re entering to log into a website). In addition, this vulnerability could allow an attacker to digitally sign a malicious program in a way that wouldn’t be flagged by the operating system. Without the warning message you’d otherwise see, it could be difficult to tell that a program is malicious when you’re installing it.
The RDP issue affects Windows Server 2008 and newer. This vulnerability could allow an attacker to connect to an accessible Remote Desktop Gateway (RD Gateway) without first authenticating, and then execute arbitrary code (i.e., do whatever he or she wants to on the server). Many organizations use RD Gateway in lieu of a remote-access VPN solution to accommodate remote employees, so this vulnerability carries the potential for widespread exploitation.
At present, Microsoft is unaware of active exploitation of these vulnerabilities. However, because patches have been publicly released, the underlying vulnerabilities can be reverse engineered to create exploits that target unpatched systems. Systems for which Corsica Technologies performs automated patch management will be remediated in accordance with established tests, intervals, and methods.
To learn how Corsica Technologies’ managed security services can help your organization defend against these cyberthreats and more, reach out to us at email@example.com or call (877) 659-2261.